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ABSTRACT EP 1134964 A2 

Playing a data signal from an illegally produced data storage medium 
can be 'effectively disabled regardless of " the type 'of storage medium so 
that copying can be prevented effectively at low cost. An encrypted data 
signal encrypting a copy-controlled data signal has superimposed thereto 
as a digital watermark identification data identifying the data signal as 
an encrypted signal. A data storage medium records this encrypted data 
signal, a data signal player reproduces the signal, and a data signal 
recorder records the signal. 

ABSTRACT WORD COUNT: 83 
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...SPECIFICATION pass key for encrypting the data sent to the digital 

interface is also shared. Using this shared bus key , the encryption 
unit 614 of the PC encoder encrypts the data requiring protection 
(including key data and signal data... pass key for encrypting the data 
sent to the digital interface is also shared. Using this shared bus 
key , the encryption unit 914 of the PC drive 900-2 encrypts data 
requiring protection (such as the key data. . . 
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Publication Language: English 
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Fulltext Availability: 

Detailed Description 

Claims 

Fulltext Word Count: 5184 
English Abstract 

A method and apparatus to protect unencrypted content or data in a 
storage media from prohibited use or reproduction by encrypting 
unprotected content before it is transmitted to another device or 
software application. A compliant device or software application is 
capable of decrypting the content, detecting any watermark within the 
content, and accessing or processing the content according to the 
restrictions associated with the detected watermark. Non-compliant 
devices or software are prevented from accessing or processing the 
content since they are unable to decrypt it. 

French Abstract 

L' invention concerne un procede et un appareil de protection de contenu 
ou de donnees non cryptes dans un support de stockage contre 
• 1 ' utilisation- ou la reproduction prohibees par -le cryptage de contenu non- 
protege avant qu'il ne soit transmis vers un autre dispositif ou une 
autre application logicielle. Un dispositif ou une application logicielle 
flexibles peuvent decrypter le contenu, detecter n'importe quel filigrane 
dans le contenu, et acceder a ou traiter le contenu en fonction des 
restrictions associees au filigrane detecte. II est possible d'empecher 
des dispositif s ou des logiciels non flexibles d 1 avoir acces a ou de 
traiter le contenu puisqu'ils sont incapables de le decrypter. 
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Publication 20030403 Al With international search report. 

Examination 20030626 Request for preliminary examination prior to end of 

19th month from priority date 
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Fulltext Availability: 
Detailed Description 

Detailed Description 
key . 

According to one implementation of the encryption/ 
decryption scheme for this content copy protection system, a 
random number generatpr... on the ^destination ^device 404 
generates a random or sequential number (referred 
hereinafter as "nonce") and ...a previously calculated 
media key using a one-way function and returns the result 
{i.e., a bus key } to an encryption logic component in the 
source device 402. The one-way function is configured such 
that the bus key can be generated by inputting the media key 
and the nonce, however, determining the media key from the 
bus key the previously calculated media key and the nonce to 
produce its own bus key to be used by a decryption logic 
component in the destination device 404... 



. . source 
11 

device 402 and destination device 404, both source and 
destination devices 402 and 404 will generate the same bus 
key provided that same media key and nonce was used by both 
devices to generate the bus key. In this manner, content 
from the storage media may be protected during transmission. 
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ABSTRACT EP 1265396 Al 

A system and method are realized which enables valid use of content by 
preventing unauthorized use of content which is caused by rewriting 
rights data. A structure is employed in which rights data including 
use-restriction information on content and DRM data including an 
encrypted content key are recorded in a digital data recording medium 
(media) , and in which an integrity check value (ICV) for the DRM data can 
be stored in a recordable/playable area (protected area) by using only a 
dedicated IC. EKB distribution is used to execute the tree-structure key 
distribution to distribute keys for generating ICV-generation verifying 
keys. In this . structure, unauthorized use. of. content .by rewriting of the - 
rights data is prevented. 
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. - G11B-020/10 

..SPECIFICATION processing flow in Fig. 15. 

First, by using the key generator 2 or 621 such as a random number 
generator , the ICV key is generated (S201). Next, by using a key 
set {a 'leaf fcey and a node' key T that the * device possesses," the " 
EKB processor (Process EKB) 614 executes the process for decrypting the 
EKB . When acquisition of the EKB key is a success (Yes in S202) , the 
process proceeds to step S203. When the device has been revoked, etc., it 
is impossible to acquire the EKB key by decrypting the EKB (No in step 
S202), the process ends. 

Next, by using the EKB key... case of updating the DRM data is described 
using the processing block diagram in Fig. 24. The device uses a key 
generator 1122 such as a random number generator to generates the 
ICV key , and generates the ICV-generation verifying key by using 
the EKB key to act on the ICV key in the key generator (Func) 1122. 

In addition, by using an ICV generating means (Calculate) 1123 to 
execute the ICV. . . 
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Claims 
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English Abstract 

A system is described for protecting digital content stored (112) on a 
storage medium (108) from unauthorized copying. The system includes a 
number generator to generate a nonce, an encryption subsystem (114) and a 
decryption subsystem (128) . The encryption subsystem encrypts data 
accessed from* a storage medium containing' a "key distribution data block 
(MKB,110) using an encryption bus key (124) prior to transmitting the 
encrypted data via a data bus (106) . The encryption bus key is derived 



based on at least a porSP'i of the key distribution data^Pock (110), at 
least one device key (116) assigned to the encryption subsystem and the 
nonce generated by the number generator. The decryption subsystem is 
coupled to the data bus to decrypt the encrypted data received over the 
data bus using a decryption bus key l"140) ' derived based on at least a 
portion of the key distribution data block, at least one device key (130) 
assigned to the decryption subsystem and the nonce generated by the 
number generator. 

French Abstract 

L' invention porte sur un systeme de protection d'un contenu numerique 
stocke dans une memoire a partir d'une copie non autorisee. Le systeme 
comprend un generateur de nombres destine a generer un intervalle de 
confiance, un sous-systeme de chiffrement et un sous-systeme de 
dechif f rement . Le sous-systeme de chiffrement chiffre des donnees d'un 
support d'enregistrement contenant un bloc de donnees de distribution de 
cles utilisant une cle de bus de chiffrement avant de transmettre les 
donnee chif frees par un bus. La cle du bus de chiffrement est derivee sur 
la base d'au moins une partie du bloc de donnees de distribution de cles, 
au moins une cle de dispositif etant affectee au sous-systeme de 
chiffrement et 1' intervalle de confiance genere par le generateur de 
nombres. Le sous-systeme de dechif f rement est couple au bus de donnees 
afin de dechiffrer les donnees chiffrees recues sur le bus de donnees au 
moyen d'une cle de bus de dechif f rement derivee sur la base d'au moins 
une partie' du" bloc de donnees* de distribution de "cles, au 'moins une cle 
du dispositif affectee au sous-systeme de dechif f rement et 1* intervalle 
de confiance genere par le generateur de nombres. 
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Claims 

Claim 

generator is a random 
number generator residing within said decryption subsystem. 
12 ' 

. A method comprising: 

a storage device reading a key distribution data block from a storage 
medium; 

the storage device processing at least a portion of said key 
distribution data 

block using at least one device key to compute a media key ; 
the storage device fetching a nonce generated by a number 
generator ; 

the storage device combining said nonce with said media key using a 
one 

way function to generate a bus key ; 

the storage device encrypting data read from the storage medium using 
the 

I 0 bus key generated by the storage device; and 

the storage device transmitting the encrypted data over a data bus. 

12. . . 
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English Abstract 

An optical disk, and a method and apparatus for reproducing and/or 
recording data to the disk are provided for preventing illegal ' copying of 
authorized disks recording copyrighted digital content. The optical disk 
10 has a control area 12 for storing control data, a data area 14 for 
storing main digital data (content) , and an identification area 13 for 
storing sub-digital data specific to the main digital data. The 
sub-digital data is recorded as a pit sequence (Rl, R3, R5) at a locally 
phase modulated clock timing. When disk identification data is recorded 
as the sub-digital data, key information stored to the reproduction 
apparatus is compared with identification data (sub-digital data) 
detected from jitter fluctuations in the identification area 13 when 
content is reproduced from tne optical disk"l6." ff a 'specific correlation 
is thus confirmed, the disk is recognized as a legally copied disk and 
reproduction is enabled. Illegal copies can thus be prevented. 
French Abstract 

L* invention concerne un disque optique, ainsi qu'un procede et un 



r ^ roduire et/ou d 1 enregistrer des^onnees sur 

ledit ciisque de maniere a 'emp'echer • la* copie "lll'egale 'de disques au'torises' 
enregistrant un contenu numerique protege. Le disque optique comporte une 
zone de controle (12) stockant des donnees de controle, une zone de 
donnees (14) stockant les donnees numeriques principales (le contenu) et 
une zone d ' identification (13) stockant des donnees sous-numeriques 
specif iques aux donnees numeriques principales. Les donnees 
sous-numeriques sont enregistrees coirane sequence a depression (Rl, R3, 
R5) selon une synchronisation d'horloge a modulation de phase locale. 
Lorsque les donnees d ' identification de disque sont enregistrees comme 
donnees sous-numeriques, les informations cle, stockees dans l'appareil 
de reproduction, sont comparees aux donnees d 1 identi f ication (donnees 
sous-numeriques) detectees a partir de fluctuations de gigue dans la zone 
d * identification (13) lorsque le contenu est reproduit a partir du disque 
optique (10) . Si une correlation particuliere est ainsi confirmee, le 
disque est reconnu comme etant un disque legalement copie et la 
reproduction est activee, ce qui permet d'empecher des copies illegales. 
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Detailed Description 
initial value 

memory 102b confidentially prestores the initial value for a pseudorandom 
number series generated by pseudo- random number generator 104. 

The encryption key memory 102c stores the 56-bit encryption key input 
from the encryption section. . . 
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Claims 
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English Abstract 

A scrambling architecture protects data streams in the operating system 
and hardware components of a computer by scrambling the otherwise raw 
data prior to the data being handled by the operating system. The 
architecture has a scrambler implemented at either the client or the 
server that adds noise to the content. More specifically, the scrambler 
producers periodic sets of .tone patterns .having varying amplitudes .based . 
on a first key. The scrambler also generates a random signal based on a 
first key and a second key. The tone patterns and random signal are added 
to the content to scramble the content. The scrambled content is then 
passed to the filter graph. The descrambler detects the tone patterns in 
the content and recovers the first key from the varying amplitudes of the 
tone patterns. The descrambler also receives the second key via a 
separate channel (e.g., a cryptographically secured path) and generates 
the same random signal using the recovered first key and the second key. 
The descrambler subtracts the tone patterns and the random signal from 
the scrambled content. 

French Abstract 

La presente invention concerne une architecture de brouillage protegeant 
les trains de donnees dans le systeme d* exploitation et les composants 
materiels d ' un ordinateur. II s'agit de brouiller des donnees brutes 
avant leur manipulation par le systeme d' exploitation. On dispose a cet 
effet au niveau du client ou du serveur d'un brouilleur ajoutant du bruit 
au contenu. De facon plus specif ique, le brouilleur produit des ensembles 
periodiques de structures sonores dont les amplitudes varient sur la base 
d'une premiere cle. Le bro.uilleur pro.duit. egaleme.nt. un signal alea.toire 
sur la base de la premiere cle et d'une seconde cle. Les structures 
sonores et le signal aleatoire ajoutes au contenu viennent le brouiller. 
Le contenu brouille est alors remis brouille pour traitement au graphe a 
filtre. Ce desembrouilleur recherche dans le contenu les structures 
sonores et reconstruit la premiere cle sur la base de leurs variations 
d' amplitude. II recoit egalement la seconde cle via un canal separe, tel 
qu'un chemin securise par cryptographie, puis produit le meme signal 
aleatoire sur la base de la premiere cle retablie et de la seconde cle 
pour. Pour restituer le contenu, le desembrouilleur elimine du contenu 
brouille les structures sonores. 
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Claim 

client. For instance, a publisher will typically retain copyright to a 
work so that the client cannot reproduce or publish the work without 



pen-nission. A publishe^^ould also adjust pricing accor^g to whether 
the. . . 



.certificates, and storing data securely. Fla. I shows a representative 
prior art system 20 having a content producer /provider 22 that 
produces original content (e.g., audio, video) and distributes the 
content over a network 24 to a client 26. The content producer /provider 
22 has a content storage 30 to store digital data streams of original 
content and a . . . 

.the source material by keeping an encrypted copy of the content on disk, 
and keeping a decryption key safely somewhere. While this architecture 
safely protects the content from the provider 22 to the client 26... 

.technology from Microsoft Corporation. The 
ZD ZD 

mixer 64 processes the PCM data with other sources to produce a desired 
output. At ...noise by adding a random signal to the content. More 
particularly, the client has a scrambler to produce periodic sets of 
deterministic tone patterns. The scrambler modulates the amplitude of the 
tone patterns based on a first key , thereby embedding the first key 
into the modulated tone patterns. The scrambler also generates a random 
signal >ased on the first . key and a. second key The tone patterns and. 
random signal are added to the PCM data to scramble the content. The. . , 

.subtracting out the noise. The descrambler detects the tone patterns in 
the content and recovers the first key from the varying amplitudes of 
the tone patterns. The descrambler also receives the second key via a 
separate channel (e.g., a cryptographically secured path) and 
generates the same random signal based on the recovered first key and 
the second key . The descrambler subtracts the tone patterns and the 
random signal from the scrambled content to restore the... 

.and playback content. The tamper-resistant software stops attackers from 

easily modifying this 

:D 

component or extracting keys . However, at some point the audio must be 
handed to the operating system for playback. The architecture... 

.to the media output device (s) 44. The scrambler 106 and descrambler 112 
utilize one or more secret keys 114 to generate the scrambling 
signal that is added to the PCM data. The keys 1 14 may be passed 
between, the media player 1,02. .and the ..driver ..II .0. through. an in-band . 
channel accompanying the scrambled data, and/or via an out-of-band 
channel separate from the data path (e.g. the IOCTL device 1/0 control 
channel in DirectX) . One implementation of the media player 102 and 
driver I 10, and the keys utilized to scramble and unscramble PCM data, 
is described below in more detail with reference to Fig... 

.incentive for the theft. Moreover, it is very difficult to unscramble 
the data without knowledge of the keys 1 14. 
Scrambfin2 Techniques 

There are different ways to implement the scrambling architecture at the 
client to. . . 

.is to add noise to the signal. In the audio context, one noise-addition 
scheme is to generate a set of speech, music or noise-like functions 
using a session key and add those functions to the signal, either 
directly in the time domain or in a frequency. . . 

.domain. The choice of function, its amplitude, phase, and dilation is 
selected on the basis of the key generator. Addiner a few tens of noise 
bursts ,j?er. second renders .the. signal .jioise Is. quite large* evea if. the. 
attacker knows the noise basis. However, given the key (and assuming no 
overloads) the noise signal can be subtracted exactly to return to the 
unscrambled state. . . 

.segments. Within each frame, segments are permuted and reassembled. 



Topically, each frame a different permutation. A s^et key 

controls the sequence of permutations. In frequency-domain scrambling, 
the signal is partitioned into overlapping frames (e... 

.filter bank. The frequency bands are pen-nuted and sent through a 
svnthesis filter bank. Again;* a secret 'key controls the sequence "of 
permutations. Frequencydomain scrambling is harder to break than 
time-domain scrambling, but has... 

.to the data (step 206). The scrambler 106 has a tone burst generator and 
modulator 120 to generate a synchronization tone and a cryptographic 
pseudo random number generator (PRNG) 122 to generate a random 
signal. Both the syne tone and the random signal are added to the PCM 
data to produce noisy or scrambled PCM data. The tone burst generator 
120 and PRNG 122 use two levels of keys to create the sync tone and 
random signal: (1) an "in-band" key 124, and (2) an "out-ofband" or 
"session" key 126. Both the tone burst generator 120 and the PRNG 122 
use the in-band key 124, while only the PRNG 122 uses the out-of-band 
key 126. The keys may be implemented, for example, with large bit 
length, such as 56-bit or 128-bit keys ■ The tone burst generator and 
modulator 120 uses the in-band key to generate sets of tone bursts 
that can be easily recognized at the descrambler (step 208 in Fig. 5... 

.304 utilizes +0 0.5 to represent a second binary value (e.g., 0). The 
in-band key 124 is embedded into the sets of tone burst sequences as an 
aggrega'te of the bits in o'rde'r to pas's the 'key "along with the" data to 
the driver. The in-band key can be changed with each audio/ video clip, 
with sets of clips, or even within clips. The kHz, the tone burst 
generator 120 generates a synchronization tone at 22,05 kHz. The tone 
can be easily detected at the descrambler and. . . 

.will remove this tone frequency. 

With reference again to Figs. 4 and 5, the cryptographic PRNG 122 
generates a pseudo random signal using the in-band key and the 

out-of-band session key (step 210 in Fig. 5) . Fig. 7 shows an exemplary 
random sequence 4 00 having a 

random pattern of data values with amplitudes of +1 or The PRNG 122 is... 

.being zero to avoid introducing a DC shift to the original data signal. 
While the in-band key 124 is embedded into the tone sync signal, the 
session key 126 is kept independent of the data and passed over a 
separate channel 128 1 5 from the data path. The session key 12 6 is 
protected using a cryptographic key exchange (e.g., a Dif f ie-Hellman 
exchange and authentication) to ensure that the key 126 is safely 
transported from the media player 102 to the driver I 10 over the 
channel' 128 "(which can be* the IOCTL "device "control "channel in DirectX, 
for example) . Accordingly, the scrambler 106 or media player 102 is 
equipped with encryption and signing capabilities to encrypt and sign the 
session key for secure transportation to the driver 110 and 
descrambler 1 12. 
The scrambler 106 adds... 



.and delay introduced by the filter graph 108, and demodulates the tones 
to recover the in-band key 124 (step 218 in Fig. 5). The tone detector 
140 passes the recovered in-band key 124 to the PRNG 142. The 
descrambler 112 also receives the session key 126 from the out-of-band 
channel 128, decrypts and authenticates it, and gives the key 12 6 to 
the PRNG 142. The descrambler is equipped with decryption and 
verification means to decrypt and authenticate the session key as 
having been sent from the media player 102. The PRNG 142 implements the 
same algorithm as that used in the media driver's PRNG 122. Given the 
same in-band key 124 and session key 126, the PRNG 142 recreates the 
same random signal that was previously added to the PCM data... 

.energy after tone subtraction is minimized. The regenerated sync tone 
with th'e correct gain and *del*ay is' produced ' in "module 5'1 0. 
Detection of the in-band key is performed by amplitude demodulation 



module 512. For each tone burst, the module compares the curst amplitude 
...amplitude is equal to 1.0 and the averacre is 0.75), then a bit of the 
key is demodulated as having one binary value (say "one" >. If the 
amplitude is below that average (say... 

.amplitude is equal to 0.5 and the average is 0.75), then a bit of the 
key is demodulated as having the other binary value (say "zero"). The 
process is repeated for subsequent tone burst until all bits of the in 
band key 124 are recovered. The in-band key 124 can then be used by 
the 

cryptographic PRNG 142 to regenerate the random noise sequence to. . . 

.may be scrambled by XORing at least a portion of the content with a 
random bit stream generated by the PRNG 122. For instance, for 16 bit 
audio, the least significant 13 bits are XORed with bits generated by 
the PRNG 122. This effectively scrambles the content, with the additional 
property that one cannot "overflow. . . 
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English Abstract 

A cable television system provides conditional access to services. The 
cable television system includes a headend from which service 
"instances", or programs, are broadcast and a plurality of set top units 
for receiving the instances and selectively decrypting the instances for 
display to system subscribers. The service instances are encrypted using 
public and/or private keys provided by service providers or central 
authorization agents. Keys used by the set tops for selective decryption 
may als'o be public or priv*at£* in natu're, and su'cit keys ma^ be reassigned 
at different times to provide a cable television system in which piracy 
concerns are minimized. 

French Abstract 

La presente invention concerne un reseau de televiseur par cable 
fournissant un acces conditionnel a des services et comprenant une tete 
de bus depuis laquelle sont diffuses les "instances" de services, ou 
programmes, ainsi qu'une pluralite de cof frets d'abonnes permettant aux 
abonnes de recevoir et de decrypter selectivement les instances pour les 



regarder. Les instances^P services sont cryptees en uti^^ant des clefs 
publiques et/ou privees fournies par des fournisseurs de services ou des 
centraux d ' autorisation . Les clefs qu 1 utilisent les cof frets d'abonnes 
pour le decryptage selectionne peuvent etre a caractere privees ou 
publiques, et reaffectees a differents moments pour offrir un reseau de 
television par cable peu sensible aux piratages. 
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Claim 

ftu-ther comprising: 
the entitlement agent coupled to the controller for generating an 

. . instance of .. ... . „ .... 

service; 

a random number generator for generating a multi- session key 
(MSK) ; 

a processor coupled to the random number generator and the 

controller for hashing the instance of service and the MSK in a secure 
one-way hash to generate a digest that is included as a part of the 
information . 
88 

SUBSTITUTE SHEET (RULE 26) 
. The... 

...36, further comprising: 

an encryptor coupled to the controller for further encrypting the 
information using a public key associated with the service reception 
component prior to transmission of the information. 

38 The service origination component ... terminal . 

47 The cable television system of claim 4' ),, wherein the service 

. . origination component . .. . , • . 

further comprises: 

a random number generator for generating a multi-session key 
(MSK) ; 

a processor coupled to the random number generator and the 

controller for hashing an instance of service and the MSK in a secure 
one-way hash to generate a digest that is included as a part of the 
information . 
90 

SUBSTITUTE SHEET (RULE 26) 
. The... 

. . .message including the digest, wherein the entitlement management message 
is encrypted by the processor using the private key to generate the 
information that is transmitted to the service reception component. 

49 The cable television system of claim. . . 
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English Abstract 

Operation of a video cassette player (10) is facilitated by providing a 
vertical blanking interval decoder (60a) which decodes information such 
as title, date, time and length of broadcast programs and utilizing the 
information in providing a directory of the programs (33a) as well as 
control of the VCR. The VCR is also provided with a VBI encoder (60b) for 
inserting control as well as directory information into the tape, either 
in portions of the video track (13) or in the control track (11) . 

French Abstract 

Le fonctionnement d'un lecteur de cassettes video (10) est facilite par 
la mise en place d'un decodeur d'intervalle de suppression de trame (60a) 
qui decode* des informations tfelles'que le" tit ire*, "la date," 'l'heure et la 
duree des programmes de radiodif fusion. Ces informations sont utilisees 
pour creer un repertoire des programmes (33a) ainsi que pour la commande 
du magnetoscope. Ce dernier est egalement equipe d'un codeur d'intervalle 
de suppression de trame (60b) permettant d'inserer sur la bande des 
informations relatives a la commande ainsi qu'au repertoire, soit dans 
des parties de la piste video (13), soit dans la piste de commande (11). 
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Detailed Description 

address marks are written at I minute intervals onto the control track 
of a VHS tape. In computer backup of hard discs by tape, the streaming 
mode is usually used where a constant stream of ... beginning of each 
program on the tape and at the end of the tape. 



The TID is generated by seeding a random number generator with 
the time of the first usage of the VCR so that the probability of two 



VCRs . . . 



Descripti^^^ 

RANDOM (N) { SEQUENC? OR NUMBER? . OR NUMERIC? ), ( ) GENERATOR? , 
GENERATE? OR REPRODUCE? OR CREATE? OR PRODUCE? OR DEVELOP? 
NONCE OR RANDOM () (SEQUENCE? OR NUMBER? OR NUMERIC) 
ENCRYPT? OR SCRAMBL? OR CIPHER? OR CRYPT? OR CODE OR ENCIP- 
HER? OR CODING OR CODED OR ENCOD? 

BUS OR BUSES OR PATHWAY OR CHANNEL 

(SECRET OR PRIVATE OR CRYPTO?) () (KEY OR KEYS OR CODE?) OR - 

PKI 

(PORTION OR PART OR SECTION) (3N) ((DATA OR INFORMATION OR F- 
ACT?) () (SEGMENT? OR PIECE? OR BLOCK? OR CHUNK? OR BITS OR BYT- 
ES) ) 

DISTRIBUTION OR ALLOCATION OR DISSEMINATION OR DISPERSAL OR 
DISPERSION OR DISTRIBUTE? 

(DEVICE? OR CLIENT? OR PC OR COMPUTER? OR WORKSTATION? OR - 
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Title: Elliptic curve random number generation 
Author: Lee, Lap-Piu; Wong, Kwok-Wo 

Corporate Source: Department of Electronic Engineering City University of 
Hong Kong, Kowloon Tong, Hong Kong 

Conference Title: IEEE Region 10 International Conference on Electrical 
and Electronic Technology 

Conference Location: Singapore, Singapore Conference Date: 

20010819-20010822 

Sponsor: IEEE Region 10 

E.I. Conference No.: 60749 

Source: IEEE Region 10 International Conference on Electrical and 
Electronic Technology 2001. (IEEE cat n 01CH37239) 
Publication Year: 2001 
ISBN: 0780371011 
Language: English 

' Documen't Type! CA; (Conference Article) 'Treatment: 'T; {Theoretical ) ' 
Journal Announcement: 0303W5 

Abstract: A random number generator based on the addition of the 
points on an elliptic curve over finite fields is proposed. By using the 
proposed generator with Elliptic Curve Cryptographic (ECC) system together, 
we can save hardware and software components. Since the proposed random 
number generator is based on the core operation of ECC, it can be 
designed and implemented efficiently using the existing components. The 
period of the bit sequences is analyzed theoretically. Moreover, Sequences 

produced by this generator have passed the FIPS 140-2 statistical tests 
of the Cryptographic Standards and Validation Programs at NIST. As a 
result, the proposed generator is found suitable to be a random number 
generator . 11 Refs. 

Descriptors: Random number generation; Public key cryptography; 
Computer hardware; Computer software; Polynomials 

Identifiers: Elliptic curves; Finite fields 

Classification Codes: 
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Title: Building the IBM 4758 secure coprocessor 

Author: Dyer, J.G.; Lindemann, M.; Perez, R. ; Sailer, R. ; Van Doom, L.; 
Smith, S.W.; Weingart, S. 

Corporate Source: IBM T.J. Watson Research Center, Hawthorne, NY, United 
States 

Source: Computer v 34 n 10 October 2001. p 57-66 

Publication Year: 2001 

CODEN: CPTRB4 ISSN: 0018-9162 

Language: English 

Document Type: JA; (Journal Article) Treatment: G; (General Review) 
Journal Announcement: 0111W3 

Abstract: IBM's Common Cryptoraphic Architecture product group realized 
that its* next-generation pr*odu*ct requi'red properties* possessed by the 
secure coprocessor that IBM Research advocated. This knowledge gave the 
research team a unique and perhaps nonrepeatable opportunity. Meeting the 
challenge of building a user-configurable secure coprocessor provided 
several lessons in hardware and software development and continues to 
spur further research. (Edited abstract) 10 Refs. 

Descriptors: Security of data; Program processors; Computer hardware; 



Software engineering; Col^Fter crime; Public key crypt^^aphy; 

Interfaces ( conputer ) ; Firmware; Network protocols; ROM; Random access 
storage; Encoding (symbols) ; Computer operating systems 

Identifiers: Coprocessor; Public key interfaces; Common cryptographic 
architecture; Hardware tamper response; Random number generators ; 
Authentication; Application programming interface 

Classification Codes: 
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Hardware) 

72 (COMPUTERS & DATA PROCESSING) 



22/5/3 (Item 1 from file: 2) 

DIALOG (R) File 2:INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

02645502 INSPEC Abstract Number: C86025507 
• Title: A current view of random number • generators 
Author(s): Marsaglia, G. 

Author Affiliation: Dept. of Comput. Sci., Washington State Univ., 
Pullman, WA, USA 

Conference Title: Computer Science and Statistics. Proceedings of the 
Sixteenth Symposium on the Interface p. 3-10 
Editor(s): Billard, L. 

Publisher: North-Holland, Amsterdam, Netherlands 

Publication Date: 1985 Country of Publication: Netherlands xi+296 pp. 
ISBN: 0 444 87725 8 

Conference Date: March 1984 Conference Location: Atlanta, GA, USA 
Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) ; Experimental (X) 

Abstract: The ability to generate satisfactory sequences of random 
numbers is one of the key links between Computer Science and 
Statistics. Standard methods may no longer be suitable for increasingly 
sophisticated uses, such as in precision Monte Carlo studies, testing for 
primes, combinatorics, or public encryption schemes. This article describes 
stringent new tests for which standard random number generators : 
congruential, shift-register and lagged- Fibonacci, give poor results, and 
describes- new methods that pass the ■ stringent- tests -and seem more suitable- 
for precision Monte Carlo use.. (14 Refs) 

Subfile: C 

Descriptors: random number generation; statistics 

Identifiers: combining simple generators; randomness testing; random 
number generators ; Monte Carlo studies; congruential; shift- register; 
lagged- Fibonacci 
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C7400 (Engineering) 
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Title: Information retrieval system 
Assignee(s): Western Electric Co. Inc 
Patent Number: GB 1279459 Issue Date: 720628 
Application Date: 690716 

Priori fry Applt Number: US -745-738 ■ Priority Appl Date: 680718 

Country of Publication: UK 

Language: English Document Type: Patent (PT) 
Treatment: Practical (P) 

Abstract: The system referred to consists of a magnetic memory divided 
into parts each of which stores data blocks and key words corresponding 
to blocks stored in another part of the memory, the data blocks are 
accessed from the memory parts in sequence and successive key words are 



compared with associati^P data block requests to ena^P the accessing 
system to retrieve a desired block. Preferably each data block has a unique 
address in its memory part , and a matching data block address is 
stored in a register forming part of the accessing system. 
Subfile: C 

Descriptors: information retrieval systems; magnetic storage systems; 
storage management 

Identifiers: information retrieval system; magnetic memory; address; 
accessing system 
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Analysis , of pseudo random . sequences „ generated t by, cellular automata, 
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Meier, W; Staffelbach, O 

HTL Brugg-Windisch, CH; GRETAG Regensdorf, CH 

EUROCRYPT '91, Advances in Cryptology, Workshop on the Theory and 

Application of Cryptographic Techniques, Brighton, GB, April 8-11, 19911991 

Document type: Conference paper Language: English 

Record type: Abstract 

ISBN: 3-540-54620-0; 0-387-54 620-0 

ABSTRACT : 

The security of cellular automata for stream cipher applications is 
investigated. A cryptanalytic algorithm is developed for a known 
plaintext attack where the plaintext is assumed to be known up to the 
unicity distance. The algorithm is shown to be successful on small 
computers for key sizes up to N between 300 and 500 bits. For a cellular 
automation to be secure against more powerful adversaries it is concluded 
that the key size N needs to be about 1000 bits. The cryptanalytic 
algorithm takes advantage of an equivalent description of the cryptosystem 
in which the keys are not equiprobable . It is shown that key search can be 
.reduced considerably if one ,is contented to. succeed qn^y with a certain . 
success probability. This is established by an information theoretic 
analysis of arbitrary key sources with non-uniform probability 
distribution. 

DESCRIPTORS: AUTOMATON; MULTIPROCESSING SYSTEMS ; RANDOM SEQUENCE ; 
CIPHERING- -ENCRYPTION; RANDOM NUMBER GENERATORS ; DATA INTEGRITY 
IDENTIFIERS: ZELLULAERER AUTOMAT; CHI F FRET EXT; RUECKKOPPLUNGSREGISTER; 
KLARTEXT; SCHLUESSELSYSTEM; Verschluesselung; zellulaerer Automat 
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2002-344440 [JP 2002344440 A) 
November 29, 2002 (20021129) 
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ABSTRACT 

PROBLEM TO BE* SOLVED: To provide a data reproducing device, capable of 
instantaneously starting the reproduction of digital data by shortening an 
access time, since the reproduction of digital data is instructed by a 
user, until the reproduction of digital data is actually started. 

SOLUTION: The preceding data part of digital data obtained, by 

converting information such as characters, voices, static images, and 
moving images into digital signals is non-enciphered, and only the 
subsequent data part is enciphered, and the digital data are 

distributed to a client. When the reproduction of the digital data is 
instructed, a client requests key data for solving the cryptograph to a 
server and reproduces the leading data part of the digital data in 
parallel . 
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ABSTRACT 

PROBLEM TO BE SOLVED: To provide an optical disk recorder or the like which 
is capable of preventing the illicit copying of the whole of an optical 
disk recorded with digital written works as it is. 

SOLUTION: This optical disk device has a formatter 1 which forms the 
channel signal corresponding to main digital information, a secret key 
memory section lc which stores sub-digital information ( secret key ) , a 

pseudo random - number generator 2 which generates pseudo random - 



number sequences, an ^Kr 4 which logically inverts th^Pseudo- random 
number sequences in accordance with the respective bits of the secret 
key , a PE modulator 5 which forms a PE modulation signal in accordance 
with the logically inverted pseudo random - number sequences, a phase 
modulator 6 which advances the phase of the edge of the channel signal by 
a specified slight time when the PE modulation signal is * 1* and delays the 
phase of the edge of the channel signal by a specified slight time when 
the PE modulation signal is '0' and a recording channel 7 for forming 
recording marks in a DVD 9 based on the channel signal to be modulated 
which is formed by the phase modulator 6. 
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ABSTRACT 

PROBLEM TO BE SOLVED: To provide a data operation method that facilitates 
the utilization by legal users without losing the author's copyright and 
the copyright of digital contents. 



SOLUTION: Part of digital contents 11 is copied to generate a partial data 
part 43, which is encrypted by using a contents key 45, the contents 
key 45 and image composite information 42 are encrypted by an encryption 
key 47 to generate permission information 48, contents information 41 is 
visibly embedded to the digital contents 11, a data part 50 with the 
permission information to which the permission information 48 is embedded 
as invisible information and an encrypted partial data part 46 are 
composited to generate composite data 60, which are distributed - 
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ABSTRACT 

PROBLEM TO BE SOLVED: To use similarly enciphered contents data among 
respective equipments in common and to realize a firm copy protecting 
method. 

SOLUTION: A seed key (Kcs) generated by a random number generator , 
etc., is produced by a source device, and the seed key (Kcs) is subjected 
to encipherment by utilizing a combination key (Kck) , and the enciphered 
seed key (eKcs) is transmitted to a sink device. By the source device , a 
contents key (Kc) for ciphering and deciphering contents data (Contents) 
is produced .in accordan.ce .with the, function between the seed key (Kcs). 
and independent variable data (Nc) . Thus, the enciphered contents data (e 
[Contents (KC)]) are deciphered by using the contents key (Kc) . 
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ABSTRACT 

PURPOSE: To easily cope with various contract/charging forms by allocating 
one of plural scramble key candidates to the distribution of scramble 
keys and also allocating other key candidates to the program element 
groups respectively. 

CONSTITUTION: A scramble key selector means 3 selects one of key 
candidates 31, 32 and 33 which are read out of the key candidate storage 
areas 21, 22 and 23 of a scramble key storage means 2 based on the 
scramble key selection information on the header part of an unprocessed 
packet signal 5. Then the means 3 sends the selected key candidate to a 
scramble/descramble means 4 as a scramble key 7. The key 7 scrambles 
.and descrambles the data . part pf ..the signal. 5 and outputs a. processed, 
packet signal 6. The selection of the 1st key candidates 11 and 31 are 
limited in a time band when the scramble keys can be distributed and 
therefore (N-l) pieces of key candidates are available when the total 
number of key candidates is equal to N. These key candidates are 
allocated to M types of program element groups respectively and the 
scramble/descramble operations are carried out. When M program element 
groups are more than (N-l) key candidates, the M groups are duplicated. 
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ABSTRACT 

PURPOSE: To improve a handleability by retrieving a sampling frequency 
distribution and a retrieval key in combination. 

CONSTITUTION: A key changing over to a display of sampling frequency 
distribution , a scanning key reproducing a specified time signal after 
performing a music program searching, and a program searching key 
performing the music program searching, are provided in the signal 
reproducing device. When a display device of the reproducing device is 
changed over to the display of sampling frequency distribution and also 
the scanning key is pushed, an operation input signal from the key 
switch 2 is transmitted to a main CPU 4 through a display processing 
circuit 3. By the CPU 4, the sampling frequency of a subcode part in the 
region of a main data part is retrieved and the changed point of 

sampling frequency existing . in the part „ backward from the present, 
reproducing position is retrieved, then the specified time recording signal 
is reproduced while making the detected time point to the reproduction 
start position. In the case the program searching key is pushed, the 
changed point of the sampling frequency existing in the part forward or 
backward from the present reproducing position by the number of key 
pushing times is detected, thereby the program searching is performed. 
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ABSTRACT 

PURPOSE: To prevent malfunction when accessing an allocated record 



occurring by storing number of records allocatable^J one track and 

that of records when reading one track after allocation , and comparing 
those numbers of records. 

CONSTITUTION: This controller is comprised of a bus controller 5, a 
processor 6, a first logic circuit 8 which calculates and stores the length 
of a key part and a data part sent from software and the number of 
records allocatable to one track from the number of data transfer, a second 
logic circuit 9 which stores the number of records when one track is read 
after the allocation , and a comparator 1 which compares the numbers of 
records stored in the logic circuits 8 and 9. The comparator 7 sends a 
comparison result to the processor 6, and the processor 6 reports normal 
completion when coincidence is obtained between them and abnormal 
completion when noncoincidence is obtained to a central processing unit via 
a communication bus 2. Thereby, it is possible to prevent the malfunction 
occurring when accessing the record allocated next. 
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Abstract (Basic) : US 20020141577 Al 

NOVELTY - An encryption subsystem encrypts data accessed from a 
disk using an encryption key prior to transmitting the encrypted 
data through a data bus . The encryption key is derived based on 
a key distribution data block, device keys assigned to the 
encryption subsystem and a random number. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following: , ... ....... - . . . . .... 

(1) Copy protection method; and 

(2) Copy protection apparatus. 

USE - For protecting digital content stored on a storage medium 



such as DVD, CD-ROM, dPrical disk, magneto-optical disK^plash-based 

memory, floppy disk, hard drive, ROM, RAM, EPROM, EEPROM, magnetic or 
optical cards, from unauthorized copying. 

ADVANTAGE - Effectively improves the protection of digital content 
transmitted over bus and protects the content against reply attack by 
using the random number to generate the encryption key. 

DESCRIPTION OF DRAWING (S) - The figure shows a flowchart 
illustrating DVD contents decrypting and descrambling procedure. 

pp; 11 DwgNo 5/5 
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Key distribution system for secure communication - uses random number 
generator in terminal to prepare encryption or decryption keys 

according to random numbers generated by communication apparatus 

and terminal , and secret key held by both 
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Abstract (Basic) : EP 793367 A 

The communication system includes a communication apparatus for 
reception or transmission and a terminal provided with a memory in 
which data for specifying function of the communication apparatus are 
stored. The communication apparatus and the terminal each include a 
random number generating unit for generating a random number . An 
encryption/decryption key preparing unit is used for preparing an 
encryption/decryption key on the basis of both random numbers 
generated by the respective random number generating units of the 
communication apparatus and the terminal and a secret key held in 
common by both. 

An encryption/decryption processing unit encrypts or decrypts 
communication data between the communication apparatus and the 
terminal. It includes the data by using the encryption/decryption key. 



USE/ADVANTAGE - M^ains higher security even if duplication is 

monitored. Makes alteration or forgery difficult. 
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in code communication according to random number generated by 
random number generator 
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Abstract (Basic): JP 8107411 A 

The device performs a code communication by using a secret code 
key The device enciphers a communication information in which 
transmitting and receiving is possible. A random - number generating 
unit outputs random numbers according to a predetermined rule. 

A code key varying part changes the secret code key according to 
the output of the random - number generating unit. A transmitter 
sends a routine information which includes the transmit value of the 
random number • 

ADVANTAGE - Prevents pair of common sentence and code sentence to 
be known since count value is selected at random. Does not reduce 
intensity of code since top image data always differs even when same 
document is repeatedly transmitted. Does not change quantity of image 
data -even when code key -is changed." 
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Abstract (Basic) : JP 7162692 A 

The method involves transmission of the information enciphered 
through a predetermined communication circuit from the call side 
terminal equipment (1) to the called party terminal equipment. A 
random number generator (15) generates a random number 
sequence based on which a call side terminal equipment produces a 
code key using a control device (11) . The NSS of option signal which 
contains random number sequence is used for generating code key and 
is transmitted through telephone circuit (3) . 

The encipherment / decipherment processing device (16) carries out 
encipherment of image da.ta, which . is. transmitted based on the code key. . 
The code key is reproduced at the called party facsimile appts, based 
on the random number sequence. The received image is decoded based 
on the reproduced code key. 

ADVANTAGE - Simplifies process by avoiding need for registering 
fixed code key in memory. Maintains secrecy of communication by 
transmitting random number sequence which is used for generating 
code key. 

Dwg .2/6 

Title Terms: CODE; COMMUNICATE; METHOD; DECODE; INFORMATION; RECEIVE; 

THROUGH; PREDETERMINED; COMMUNICATE; CIRCUIT; CALL; SIDE; TERMINAL; 

EQUIPMENT; BASED; REPRODUCE ,* CODE; KEY 
Derwent Class: P85; W01; W02 

International Patent Class (Main) : H04L-009/16; H04N-001/44 
International Patent Class (Additional) : G09C-001/06; H04L-009/06; 

H04L-009/14; H04N-001/32 
File Segment: EPI; EngPI 



31/5/12 (Item 5 from file: 350) 

.DIALOG ( RLFile 350: Derwent WPJX ... . „ 

(c) 2004 Thomson Derwent. All rts . reserv. 

008212551 

WPI Acc No: 1990-099552/199013 

XRPX Acc No: N90-076924 

Information distribution system for supplying encrypted packages - 
de-crypts and displays information selected by user reported by telephone 

Patent Assignee: CRYPTOLOGICS INT INC (CRYP-N) ; CRYPTOLOGICS INT IN 

(CRYP-N) ; INDATA CORP (INDA-N); SPRAGUE P J (SPRA-I) 
Inventor: LIPSCOMB T H; MICHENER J R; PARKER J K; SPRAGUE P J 
Number of Countries: 022 Number of Patents: 007 
Patent Family: 



Patent No 


Kind 


Date 


Applicat No 


Kind 


Date 


Week 


WO 


9002382 


A 


19900308 


WO 89US3474 


A 


19890814 


199013 B 


AU 


8941882 


A 


19900323 








199033 


EP 


472521 


A 


19920304 


EP 89909918 


A 


19890814 


199210 


US 


5247575 


A 


19930921 


US 88232706 


A 


19880816 


199339 










US 89338275 


A 


19890414 











0 


tin 

us 


Oooctl eft 


A 


1 QftQflfil A 












TTQ 


Q9QT^ QQ1 








EP 


472521 


A4 


iyy juoju 


hr 


OQQnOQI ft 

oy y us y±o 








EP 


472521 


Bl 


19980603 


EP 


OQQflOQI ft 

o y y uyy lo 


A 




1 QQQOfi 










WU 




r\ 






DE 


68928694 


£ 


19980709 


DE 




7\ 

A 




1 QQft'5'J 










EP 


□yyuyyio 


A 

A 














WO 


89US3474 


A 


19890814 





Priority Applications (No Type Date 
19880816; US 89338275 A 19890414; 
Cited Patents: US 4467424; US 46958 
. WO 8802202; WO 8802960 . 
Patent Details: 

Patent No Kind Lan Pg Main IPC 

WO 9002382 A E 61 

Designated States (National) : AU 
Designated States (Regional) : AT 

EP 472521 A 

Designated States (Regional) : AT 

US 5247575 A 26 H04K-001/02 



EP 472521 Bl E G06F-017/30 

Designated States (Regional) : AT 
DE 68928694 E G06F-017/30 



): US 89366150 A 19890614; US 88232706 A 

US 92874991 A 19920424 
80; US 4789863; l.Jnl.Ref; US 4486853; 



Filing Notes 

BR DK FI HU JP KP KR NO SU 
BE CH DE FR GB IT LU NL SE 

BE CH DE FR GB LI 
CIP of application US 88232706 
CIP of application US 89338275 
Cont of application US 89366150 
Based on patent WO 9002382 

BE CH DE FR GB LI 
Based on patent EP 472521 
Based on patent WO 9002382 



Abstract (Basic) : WO 9002382 A 

The system provides information to a user, when the information 
corresponds to criteria individually selected by the user, and then 
charges the user only for the selected information this provided, 
encrypted information packages are .provided. a.t .the .user , site,- via high . 
and/or low density storage media and/or by broadcast transmission. The 
information packages selected by the user are decrypted and printed or 
displayed. 

The charges for the information packages displayed are accumulated 
within the users apparatus and periodically reported to the systems 
cnetral accounting facility which issues encryption keys , which are 
changed periodically. If a new encryption key has not been issued the 
user will be unable to retrieve information from the system when the 
key is charged. 

ADVANTAGE - Low cost information serives accessed by user in 
seamless manners. Min. telephone usage and central computing time. 
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